Thursday, 2 July 2020

Security+

The Patriot Act

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 was passed largely because of the World Trade Center attack on September 11, 2001. This law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts. The definition of a terrorist act is broad. The law provides …

The Computer Security Act of 1987

The Computer Security Act requires federal agencies to identify and protect computer systems that contain sensitive information. This law requires agencies that keep sensitive information to conduct regular training and audits and to implement procedures to protect privacy. All federal agencies must comply with this act. Note: For more information on the Computer Security Act, visit http://epic.org/crypto/csa/.   The Cyber …

The Cyberspace Electronic Security Act

The Cyberspace Electronic Security Act (CESA) was passed in 1999, and it gives law enforcement the right to gain access to encryption keys and cryptography methods. The initial version of this act allowed federal law enforcement agencies to secretly use monitoring, electronic capturing equipment, and other technologies to access and obtain information. These provisions were later stricken from the act, …

The Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act (FERPA) dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student. This act also requires that educational institutions must disclose any records kept on a student when demanded by that student. The law …

The Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) went into law in 1986. The original law was introduced to address issues of fraud and abuse that weren’t well covered under existing statutes. The law was updated in 1994, in 1996, and again in 2001. This act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others …

The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy. The act prohibits banks from releasing information to nonaffiliated third parties without permission. Many customer groups have criticized the implementation of this act by financial institutions because of all the paperwork …

The Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information. Passed into law in 1996, HIPAA has caused a great deal of change in healthcare recordkeeping. HIPAA covers three areas: confidentiality, privacy, and the security of patient records. It was implemented in several phases …

Cookies and Attachments

Cookies and Attachments: Cookies are text files that a browser maintains on the user’s hard disk in order to provide a persistent, customized web experience for each visit. A cookie typically contains information about the user. For example, a cookie can contain a client’s history to improve customer services. If a bookstore wants to know your buying habits and what …

ACL: Access Control Lists

Access Control Lists: Related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. It can be an internal part of an operating system or application. For example, a custom application might have an ACL that lists which users have what permissions (access …

Malicious Insider Threats

Malicious Insider Threats: One of the most dangerous threats to any network is an insider who is intent on doing harm. By being an insider, they have already gotten past your first defense and they might be motivated by a desire to make someone pay for passing them over for promotions, bored and looking for something to do, or driven …
